October 4, 2023

Researchers have found a security flaw in NetGear firmware that allows unrestricted communication with the internet-facing ports of the device that listen over IPv6.

The vulnerability affects Netgear model RAX30, also known as the Nighthawk AX5 5-Stream AX2400 WiFi 6 Router.

The researchers found the bug while looking to enter Pwn2Own Toronto. The NetGear Nighthawk RAX30 is a popular model for home users and small businesses, which is one of the reasons why it was selected as a target for the Pwn2Own contest.

The vulnerability, found by the researchers and patched just before the deadline, allowed unrestricted communication with any services listening via IPv6 on the WAN port of the device, including SSH and Telnet operating on ports 22 and 23 respectively.

NetGear frustrated a lot of participants by issuing the 1.0.9.90 hotfix one day before the registration deadline for Pwn2Own. The patch invalidated the submission of this vulnerability.

It is important to note that having the “check for updates” or even the auto-update options enabled is not sufficient to get this hotfix. It needs to be downloaded manually and applied following the instructions.

Although the researchers shared no further details about their attack chain that was crippled by the patch, having Telnet and SSH available makes it very likely they could have reconfigured the router, stolen data, or at least put it out of service.
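A check a router owner can run from a host outside the LAN after applying the hotfix, as an added example that is not code from the researchers or NetGear: it probes TCP ports 22 and 23 over IPv6 only and separates open, closed and filtered results. The function names and verdict labels are assumptions of this example.

```python
import errno
import socket
import sys

PORTS = {22: "ssh", 23: "telnet"}  # the two services named in the article


def classify(err):
    """Map the outcome of an IPv6 TCP connect to a firewall-relevant state."""
    if err is None:
        return "open"         # handshake completed: service reachable from outside
    if isinstance(err, ConnectionRefusedError):
        return "closed"       # RST came back: the probe was answered, not dropped
    if isinstance(err, (socket.timeout, TimeoutError)):
        return "filtered"     # no reply at all, as a default-deny firewall behaves
    if isinstance(err, OSError) and err.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
        return "unreachable"  # no IPv6 route from this vantage point
    return "error"


def probe(addr, port, timeout=3.0):
    """Attempt one TCP connect over IPv6 only (never falls back to IPv4)."""
    s = socket.socket(socket.AF_INET6, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((addr, port))
        return classify(None)
    except OSError as e:
        return classify(e)
    finally:
        s.close()


def verdict(results):
    """Summarise {port: state} into one finding for the WAN-side IPv6 check."""
    states = set(results.values())
    if "open" in states:
        return "EXPOSED"
    if "closed" in states:
        return "RESPONDS"     # nothing listening, but IPv6 probes are being answered
    if states == {"filtered"}:
        return "FILTERED"
    return "INCONCLUSIVE"


if __name__ == "__main__":
    target = sys.argv[1]  # global IPv6 address of your own router's WAN interface
    res = {p: probe(target, p) for p in PORTS}
    for p, st in res.items():
        print(f"{target} tcp/{p} ({PORTS[p]}): {st}")
    print(verdict(res))
```

An `unreachable` or `INCONCLUSIVE` result usually means the probing host has no working IPv6 connectivity, so it says nothing about the router.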
